Executive Risk Summary
A hardcoded sensitive token vulnerability in Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 allows for an Active Directory account takeover. This vulnerability poses a significant risk to organizations using these versions, as it could lead to unauthorized access and control of sensitive data.
Anticipated Attack Path
1. Initial Exploitation: Attacker discovers the hardcoded sensitive token
2. Privilege Escalation: Attacker uses the token to gain access to an Active Directory account
3. Lateral Movement: Attacker moves laterally within the network using the compromised account
Am I Vulnerable?
- Verify whether the installed version of ManageEngine Analytics Plus or Zoho Analytics on-premise is older than 6130
- Check for any suspicious activity related to Active Directory accounts
- Apply the patch or upgrade to a version newer than 6130
Operational Audit Arsenal
Target Type: Binary
Target Asset: ManageEngine.AnalyticsPlus.exe
Standard Path: C:\Program Files\ManageEngine\Analytics Plus\bin
Manual Verification Required
This is a non-Windows asset (Zohocorp). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Likely
Minimal to Moderate
Internal Work Notes
CVE-2025-1724: ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an Active Directory account takeover due to a hardcoded sensitive token. Patch or upgrade to a newer version to mitigate the risk.
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.